[SECCOMP-31580] FIPS suport

Author: alxbxbx

.github/workflows/build.yaml

@@ -21,6 +21,9 @@ jobs:
         docker: ['scratch','ubi']
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
+    env:
+      CGO_ENABLED: 1
+      GOEXPERIMENT: boringcrypto
     name: ${{ matrix.docker }}
     steps:
     - name: Login to Quay.io

.github/workflows/golangci-lint.yml

@@ -14,6 +14,9 @@ jobs:
   golangci:
     name: lint
     runs-on: ubuntu-latest
+    env:
+      CGO_ENABLED: 1
+      GOEXPERIMENT: boringcrypto
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

.promu.yml

@@ -1,6 +1,7 @@
 go:
     # This must match .circle/config.yml.
     version: 1.18
+    cgo: true
 repository:
     path: github.com/prometheus-community/elasticsearch_exporter
 build:

Dockerfile

@@ -1,5 +1,8 @@
 FROM quay.io/prometheus/golang-builder AS builder
 
+ENV CGO_ENABLED=1
+ENV GOEXPERIMENT=boringcrypto
+
 ARG PROMU_VERSION=0.13.0
 ADD  https://github.com/prometheus/promu/releases/download/v${PROMU_VERSION}/promu-${PROMU_VERSION}.linux-amd64.tar.gz ./
 RUN tar -xvzf promu-${PROMU_VERSION}.linux-amd64.tar.gz && mv promu-${PROMU_VERSION}.linux-amd64/promu /go/bin
@@ -8,7 +11,7 @@ ADD .   /go/src/github.com/prometheus-community/elasticsearch_exporter
 WORKDIR /go/src/github.com/prometheus-community/elasticsearch_exporter
 
 RUN go mod download
-RUN make 
+RUN make
 
 FROM scratch AS scratch
 

Makefile.common

@@ -36,6 +36,9 @@ GO_VERSION        ?= $(shell $(GO) version)
 GO_VERSION_NUMBER ?= $(word 3, $(GO_VERSION))
 PRE_GO_111        ?= $(shell echo $(GO_VERSION_NUMBER) | grep -E 'go1\.(10|[0-9])\.')
 
+export CGO_ENABLED := 1
+export GOEXPERIMENT := boringcrypto
+
 PROMU        := $(FIRST_GOPATH)/bin/promu
 pkgs          = ./...
 

build/Jenkinsfile

@@ -12,13 +12,15 @@ pipeline {
         ARTIFACTORY_URL = 'docker.internal.sysdig.com'
         EXPORTER = 'elasticsearch-exporter'
         VERSION = '1.2.1'
+        CGO_ENABLED = '1'
+        GOEXPERIMENT = 'boringcrypto'
     }
 
     stages {
         stage('Pull image from artifactory') {
             steps {
                 script {
-                    docker.withRegistry("https://${env.ARTIFACTORY_URL}",  registryCredential) {                        
+                    docker.withRegistry("https://${env.ARTIFACTORY_URL}",  registryCredential) {
                         sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}"""
                         sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}-ubi"""
                     }
@@ -40,4 +42,4 @@ pipeline {
             }
         }
     }
-}
+}

main.go

@@ -23,6 +23,8 @@ import (
 
 	"context"
 
+	_ "crypto/tls/fipsonly"
+
 	"github.com/go-kit/log/level"
 	"github.com/prometheus-community/elasticsearch_exporter/collector"
 	"github.com/prometheus-community/elasticsearch_exporter/pkg/clusterinfo"